[php-maint] Bug PHP xsl CVE-2012-0057.patch

Thijs Kinkhorst thijs at debian.org
Tue Jan 31 12:35:17 UTC 2012

On Tue, January 31, 2012 10:33, grok at no-log.org wrote:
> Hi,
> I don't know who I'm sending this message to the right address:
> A recent update in debian 6.0.4 broke php5-xsl.
> I found the bug in patch: CVE-2012-0057.patch
> On line 478 of the patched file ext/xsl/xsltprocessor.c:
> Should be :	int secPrefsError=0;
> Instead of: int secPrefsError;
> Otherwise you will always get the error:
> warning: XSLTProcessor::transformToXml() [xsltprocessor.transformtoxml]:
> Can't set libxslt security properties, not doing transformation for
> security reasons

Thank you for letting us know. A regression fix is already in preparation
and will be released later today.


More information about the pkg-php-maint mailing list